Privacy Shield Notice
Reviewed Jan 1st, 2020: Filed with the United States Department of Commerce – pending approval.
Scope. Our certification of adherence to the Privacy Shield Principles applies to the personal data that (a) we collect from our EU & Swiss customers and other visitors to our website for account management, billing or marketing purposes (“BigID User Data”); (b) we process on behalf of our EU & Swiss customers in providing online services to them under a service agreement (“Services Data”) and (c) we collect about our EU employees (past or present) collected in the context of the employment relationship (“HR Data”). BigID commits to cooperate with the panel established by the EU data protection authorities (DPAs) and comply with the advice given by the panel with regard to HR Data transferred from the EU in the context of the employment relationship. Please contact us to be directed to the relevant SA contacts.
Inquiries and complaints. In compliance with the Privacy Shield Principles, BigID commits to resolve complaints about your privacy and our collection or use of your personal information transferred to the United States pursuant to Privacy Shield. European Union and Swiss individuals with Privacy Shield inquiries or complaints should first contact BigID at:
524 Broadway, 7th Floor
New York, NY 10012
Attention: Privacy Officer
BigID has further committed to refer unresolved privacy complaints under the Privacy Shield Principles to an independent dispute resolution mechanism, the BBB EU PRIVACY SHIELD, operated by the Council of Better Business Bureaus, and alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint from us, or if your complaint is not satisfactorily addressed, please visit www.bbb.org/EU-privacy-shield/ for-eu-consumers for more information and to file a complaint. This service is provided free of charge to you.
If your complaint involves human resources data transferred to the United States from the EU and/or Switzerland in the context of the employment relationship, and BigID does not address it satisfactorily, BigID commits to cooperate with the panel established by the EU data protection authorities (DPA Panel), and/or the Swiss Federal Data Protection and Information Commissioner, as applicable and to comply with the advice given by the DPA panel and/or Commissioner, as applicable with regard to such human resources data transferred from the EU in the context of the employment relationship. To pursue an unresolved human resources complaint, you should contact the state or national data protection or labor authority in the appropriate jurisdiction. Complaints related to human resources data should not be addressed to the BBB EU PRIVACY SHIELD.
Contact details for the EU data protection authorities can be found at http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm
Arbitration. If your Privacy Shield complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. See Privacy Shield Annex 1.
- Service Providers. We may employ third party companies and individuals to administer and provide the Services on our behalf (such as customer support, hosting, website analytics, email delivery, database management services). BigID maintains contracts with these service providers restricting their access, use and disclosure of personal data in compliance with our Privacy Shield obligations, including the onward transfer provisions, and we may be liable if they fail to meet those obligations and we are responsible for the event giving rise to damage.
- Legal requirements. We may disclose Services Data if required to do so by law in order to (for example) respond to a subpoena or request from law enforcement, a court or a government agency, or in the good faith belief that such action is necessary (a) to comply with a legal obligation, (b) to protect or defend our rights, interests or property or that of third parties, (c) to prevent or investigate possible wrongdoing in connection with the services, (d) to act in urgent circumstances to protect the personal safety of customers, their users or the public; or (e) to protect against legal liability.
- Business Transfers. As we develop our business, we might sell or buy businesses or assets. In the event of a corporate sale, merger, reorganization, dissolution or similar event, Services Data may be part of the transferred assets.
In addition, we may be required to disclose any personal data that we process in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
Your rights to access, to limit use, and to limit disclosure. Individuals in the EEA and Switzerland have rights to access personal data about them, and to limit use and disclosure of their personal data. With our Privacy Shield self-certification, we have committed to respect those rights.
If your personal data includes BigID Personal Data, you can request access to that data and request that we correct, amend, or delete it if it is inaccurate or processed in violation of Privacy Shield by emailing your request to firstname.lastname@example.org. We may request specific information from you to help us confirm your identity and process your request. Applicable law may require or permit us to decline your request. If we decline your request, we will tell you why, subject to legal restrictions.
U.S. Federal Trade Commission Enforcement. BigID’s commitments under the Privacy Shield are subject to the regulatory enforcement powers of the U.S. Federal Trade Commission.
If there is any conflict between the terms in this Privacy Shield Notice and the Privacy Shield Principles, the Privacy Shield Principles shall take precedence.