(DSU Discovery (“DSU”) complies with the U.S.-EU Safe Harbor Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information from European Union member countries. DSU has certified that it adheres to the Safe Harbor Privacy Principles of notice, choice, onward transfer, security, data integrity, access, and enforcement. To learn more about the Safe Harbor program, and to view DSU’s certification, please visit http://www.export.gov/safeharbor/
DSU has adopted the 7 safe harbor principles published by the Department of Commerce. The following privacy principles apply to our collection, use, and disclosure of personal data from the European Economic Area.
Notice: DSU does not use customer data for any purpose incompatible with those purposes authorized in its client agreements. Sensitive information is not stored except as directed by DSU clients who own the data and does not transfer to third-parties except as authorized by client.
Choice: Where DSU collects personal information directly from individuals within the European Economic Area, DSU will offer the opportunity to choose (opt out) whether their personal information is:
- To be disclosed to a non-agent third-party or
- Can be used for a purpose other than the purpose for which it was originally collected or subsequently authorized by the individual or corporation.
- For sensitive personal information, DSU will give individuals the opportunity to affirmatively and explicitly (opt in) consent if the information is to be disclosed to a third-party or used for a purpose other than for which it was originally collected or subsequently authorized by the individual.
- DSU will provide individuals with reasonable mechanisms to exercise their choice should circumstances arise.
Onward Transfer: DSU will obtain assurances from its agents that they will safeguard personal information consistent with our own policies. If DSU becomes aware that an agent is using or disclosing personal information in a manner contrary to our policy, DSU will take reasonable steps to prevent or stop such processing.
Security: DSU will take reasonable and responsible steps to protect the personal information in its possession from loss, misuse, unauthorized access, or disclosure.
Data Integrity: DSU will use personal information only in ways that are compatible with the purposes for which it was collected or subsequently authorized by the individual. DSU will take reasonable steps to ensure that personal information is relevant to its intended use, accurate, complete, and current.
Access: Upon request, DSU will grant individuals reasonable access to personal information that it holds about them. In addition, DSU will take reasonable steps to allow individuals to correct, amend, or delete information that is demonstrated to be inaccurate or incomplete.
Enforcement: DSU utilizes the self-assessment approach to assure its compliance with its privacy statement, and will annually self-certify with the US Department of Commerce as being in full compliance. DSU will conduct compliance audits to verify adherence to this policy. Any employee that DSU determines is in violation of this policy will be subject to disciplinary action.
356 Sixth Street
San Francisco, CA 94103
DSU has further committed to refer unresolved privacy complaints under the US-EU Safe Harbor Principles to an independent dispute resolution mechanism, JAMS.