IdenTrust Inc. Logo
Home | My Account | Contact Us  

 
IDENTRUST PRIVACY SHIELD POLICY


1. DEFINITIONS.

"IdenTrust" means IdenTrust, Inc. and its wholly owned and controlled subsidiary, IdenTrust Services, LLC.

"Privacy Shield" means the EU-U.S. Privacy Shield Framework or the Swiss - U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce, as may be applicable with respect to given Subject Data.

"Personal Data" means information that (a) with respect to information exported to IdenTrust from the European Union as described in Section 2 of this IdenTrust Privacy Shield Policy, information that is afforded protection pursuant to the provisions of the EU Data Protection Directive (95/46/EC), or (b) with respect to information exported to IdenTrust from Switzerland as described in Section 2 of this IdenTrust Privacy Shield Policy, information that is afforded protection pursuant to the Swiss Federal Act on Data Protection.

"Privacy Shield Principles" means the "Privacy Shield Principles", inclusive of the "Supplemental Principles" provisions thereof, as such have been publically issued by the Department of Commerce of the United States of America.

"Subject Data" is defined in Section 2 of this IdenTrust Privacy Shield Policy.

2. PARTICIPATION; PRIVACY SHIELD LIST; SCOPE; TYPES OF DATA; COMMITMENT; PURPOSES.

IdenTrust has certified to the Department of Commerce of the United States of America that IdenTrust adheres to the Privacy Shield Principles. If there is any conflict between the terms in this IdenTrust Privacy Shield Policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. With respect to Subject Data, this IdenTrust Privacy Shield Policy governs and not the IdenTrust Privacy Policy.

The list maintained by the Department of Commerce of the United States of America and which identifies participants in the Privacy Shield program can be found at the following Internet address:

https://www.privacyshield.gov/list

IdenTrust does receive information exported by customers of IdenTrust from European Union member countries and from Switzerland. Some of the information so exported is Personal Data of employees of customers of IdenTrust or Personal Data of end-users of the services of customers of IdenTrust.

At its facilities in the United States of America, IdenTrust receives Personal Data exported from European Union member countries and from Switzerland by financial institutions that are customers of IdenTrust, but such receipt occurs only as part of the following services of IdenTrust:

  • Infrastructure services of IdenTrust provided to certain financial institutions that are customers of IdenTrust and that issue IdenTrust Trust Network-compliant digital identity certificates to end-users that assert affiliation of the given end user with a business entity named in the certificate and which certificate is for use in connection with the business of such business entity; and
  • Electronic bank account management infrastructure operations of IdenTrust provided to certain financial institutions that are customers of IdenTrust, which customers utilize such infrastructure operations to support their business banking services.
The Personal Data received by IdenTrust as described above and that is subject to the Privacy Shield is referred to herein as "Subject Data". With respect to Subject Data, IdenTrust is committed to compliance with the Privacy Shield.

IdenTrust uses Subject Data only for purposes of processing Subject Data for the institution that exported the Subject Data to IdenTrust. With respect to such use by IdenTrust, specifications for the use are determined in advance by contract with the institution exporting the Subject Data to IdenTrust. As between IdenTrust and institutions that export Subject Data to IdenTrust for processing as described above in this IdenTrust Privacy Shield Policy, the institution is the owner of the information and IdenTrust disclaims all ownership of such data.

IdenTrust does not collect Personal Data subject to the Privacy Shield other than data from employees of IdenTrust. Such collection of information is outside the scope of this IdenTrust Privacy Shield Policy.

3. NOTICE; CHOICE

IdenTrust only processes Subject Data. Under the EU Data Protection Directive (95/46/EC) or Swiss Federal Act on Data Protection, as applicable with respect to given Subject Data, each institution that exports Subject Data to IdenTrust for processing as described above in this IdenTrust Privacy Shield Policy is in relation to Subject Data exported by that institution (a) the "controller" of such Subject Data and (b) responsible for providing any notices, obtaining any authorizations, and affording any choices to individuals identified in Subject Data.

4. ACCURACY; ACCESS

IdenTrust only processes Subject Data as such is received by IdenTrust. Accuracy of Subject Data is the responsibility of the institution that exported the Subject Data to IdenTrust. In the event of a request for access to Subject Data, the requestor must initiate such request via inquiry made to the contract set forth in Section 9 of this IdenTrust Privacy Shield Policy. Because IdenTrust only processes Subject Data as such is received by IdenTrust, if an inquiry results in particular Subject Data being associated with the inquirer, IdenTrust will refer the inquirer to the institution that exported the relevant Subject Data to IdenTrust as such institution is responsible for the accuracy of Subject Data as provided to IdenTrust. Subject to the applicable requirements of the Privacy Shield relating to fees, IdenTrust reserves the right to charge a fee to the inquirer in connection with the inquiry, regardless of the results of the inquiry.

5. DISCLOSURES; ONWARD TRANSFERS

IdenTrust may disclose Subject Data in the following circumstances:

  • in accordance with the instructions of the institution that exported the applicable Subject Data to IdenTrust and which institution, in the context of the EU Data Protection Directive (95/46/EC) or Swiss Federal Act on Data Protection, as applicable with respect to given Subject Data, is the "controller" of the data and responsible for providing any notices, obtaining any authorizations, and affording any choices to individuals identified in Subject Data transferred according to such instructions;
  • as provided for under Section 7 of this IdenTrust Privacy Shield Policy, as well as when otherwise required to by law, regulation, or court order;
  • in the course of any dispute resolution process provided for in Section 10 of this IdenTrust Privacy Shield Policy; and
  • as an onward transfer for subprocessing for the purposes of the subprocessor performing supply and fulfillment relative to provisioning of computer hardware (e.g. smartcards, electronic tokens) where such hardware is requested by the institution exporting the applicable Subject Data to IdenTrust.
Where IdenTrust transfers Subject Data to a subprocessor, IdenTrust contracts with the subprocessor so that the Subject Data receives adequate protection and so that use is limited to the necessary subprocessing function. Within the context of the Privacy Shield and to the extent required by the Privacy Shield, IdenTrust retains responsibility for the safeguarding of Subject Data by the subprocessor.

6. SECURITY

IdenTrust takes reasonable and appropriate measures to protect Subject Data from loss, misuse and unauthorized access, disclosure, alteration and destruction, taking into due account the risks involved in the processing and the nature of the Subject Data.

7. DISCLOSURES TO LAW ENFORCEMENT

IdenTrust may to disclose Subject Data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

8. CHANGES TO THIS IDENTRUST PRIVACY SHIELD POLICY
From time to time IdenTrust may revise this policy, which revisions will become effective at the time of posting of a revised version of this policy at the following web address: www.IdenTrust.com/privacyshieldpolicy.html

9. CONTACT

In the event an individual desires to contact IdenTrust with inquiries or complaints related to IdenTrust, the Privacy Shield, and Subject Data, IdenTrust can be contacted at the following email address: privacy.shield@IdenTrust.com

10. DISPUTE RESOLUTION; BINDING ARBITRATION

In the event an individual has a complaint related to IdenTrust, the Privacy Shield, and Subject Data where such complaint is not resolved through contact made with IdenTrust pursuant to Section 9 of this IdenTrust Privacy Shield Policy, IdenTrust designates JAMS as the independent recourse mechanism of IdenTrust under the Privacy Shield. JAMS can be contacted through the instructions provided at the following web address: https://www.jamsadr.com/eu-us-privacy-shield

In accordance with the Privacy Shield and subject to any applicable statutes and case law, it may be possible, under certain conditions, for an individual who is identified within Subject Data to invoke binding arbitration with respect to what the Privacy Shield identifies as "residual" claims; provided, however, IdenTrust only agrees to such arbitration where (a) such arbitration is required under the Privacy Shield, (b) such arbitration subject to all conditions set forth in the Privacy Shield relating to such arbitration, and (c) the individual initiating such arbitration notices IdenTrust of the arbitration and follows the procedures specified in the Privacy Shield.

For purposes of communications relating to this Section 10 of this IdenTrust Privacy Shield Policy, IdenTrust can be contacted at the following address: privacy.shield@IdenTrust.com

11. AUTHORITY

IdenTrust is subject to the investigatory and enforcement powers of the Federal Trade Commission of the United States of America, as well as any other agency of the federal government of the United States of America having such powers where such powers are applicable to IdenTrust under the federal laws of the United States of America.

Notwithstanding the foregoing provisions of this IdenTrust Privacy Shield Policy, with respect to any dispute relating to or arising out of the IdenTrust Privacy Shield Policy, IdenTrust reserves the right to assert all legal rights, privileges, defenses, and the like available to it under applicable law or regulation.



IdenTrust, Inc. BBB Business Review WebTrust WebTrust Baseline EHNAC EHNAC GSA Schedule SOC
© IdenTrust, Inc. All Rights Reserved.    Home | Contact Us | Legal Policies