Self-Regulatory Framework Policy For The EU-U.S. Privacy Shield

Managed Technology Services LLC (“MTS”) adheres to the EU-U.S. Privacy Shield Framework including the Privacy Shield Principles and relevant Supplemental Principles (collectively, the “Principles”) with respect to all Personal Data that is provided by Customers and their Authorized Users in the European Economic Area (“EEA”) in reliance on the Privacy Shield under contract with us for our hosted online services (“Service”).

MTS’s Privacy Shield certification is listed at: www.privacyshield.gov/list.  To learn more about the Privacy Shield Framework, please visit the Department of Commerce’s dedicated Privacy Shield website, located at: www.privacyshield.gov/Program-Overview

 

Definitions

For the purposes of this Privacy Policy:

“Controller” means a person or organization which, alone or jointly with others, determines the purposes and means of the processing of Personal Data.

“Customer” means any entity that purchases the Service.

“Personal Data” means any information, including Sensitive Data, that is (a) about an identified or identifiable individual and (b) received by MTS in the U.S. from the EEA in connection with the Service.

“Processor” means any natural or legal person, public authority, agency or other body that processes Personal Data on behalf of a Controller.

“Sensitive Data” means Personal Data specifying medical or health conditions, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, sex life, the commission or alleged commission of any offense, any proceedings for any offense committed or alleged to have been committed by the individual or the disposal of such proceedings, or the sentence of any court in such proceedings.

“Authorized User” means an individual authorized by Customer to access and use the Service.

 

Types Of Personal Data Collected

MTS collects Personal Data from individuals who visit our public website. We also collect Personal Data from Customers and Authorized Users contracting our Service.

When individuals visit our public website, we may collection contact information, event registrations and preferences, feedback or request for support. Other data may include, log files, information collected by cookies and similar technologies about the pages viewed, links clicked and other actions taken when accessing our website. Activities, interactions, preferences, transactional information and other computer and connection information (such as IP address) relating to use of our website may also be collected.

The types of Personal Data collected from Customers and their Authorized Users contracting our Service includes their contact information, client and prospect information, financial and billing information, security authorization and authentication information, transactional information, usage activity, preferences and other Personal Data they provide.

 

Purposes for  Personal Data Collection and Use

We collect and use such Personal Data to provide and improve our services, Customer support, billing and marketing activities, to respond to requests, to process transactions, for administrative purposes and as otherwise instructed by Customers and their Authorized Users.

 

Disclosures to Third Parties and Liability for Onward Transfers

We disclose such Personal Data to the following types of third parties for the foregoing purposes:

  • Affiliates, contractors and other service providers to assist us in providing our Service, support and related activities to Customers based on our instructions;
  • Customers’ affiliates and their administrators and other authorized recipients as part of the Customer’s contract for our Service or as otherwise instructed by Customers;
  • Business partners, sponsors and other third parties with which we offer webinars, white papers and other services;
  • Channel partners, such as distributors and resellers, to fulfill product and information requests;
  • Other corporate entities as part of a business transition, such as a merger, acquisition by another company, or sale of all or a portion of our assets.

We remain responsible for the Personal Data that we share with third parties for processing on our behalf, and we remain liable under the Principles if such third parties process such Personal Data in a manner inconsistent with the Principles and we are responsible for the event giving rise to the damage.

We may be required to disclose Personal Data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

 

Rights of Access and Limiting Use and Disclosure

We will retain your Personal Data for as long as needed to provide you services, comply with our legal obligations, resolve disputes and enforce our agreements. Individuals in the EEA have a right to access to their Personal Data, to correct, amend, or delete that data, and to limit use and disclosure of that data, subject to certain exceptions. To exercise these rights, please contact us via the contact details below.

As an agent processing Personal Data on behalf of its Customers, MTS does not own or control the Personal Data that it processes on behalf of its Customers or their Authorized Users and does not have a direct relationship with the individual who’s Personal Data may be processed in connection with providing the Service.  Since each Customer is in control of what information, including any Personal Data, it collects from its users, how that information is used and disclosed, and how that information can be changed, we may first refer your request to the Customer as the Controller of such Personal Data. We will assist our Customer as needed in responding to your request.

 

Choice

MTS will offer Customers and Authorized Users choice to the extent it (i) discloses their Personal Data to third party Controllers, or (ii) uses their Personal Data for a purpose that is materially different from the purposes for which the Personal Data was originally collected or subsequently authorized by the Customer or Authorized User.  To the extent required by the Principles, MTS also will obtain opt‑in consent if it engages in certain uses or disclosures of Sensitive Data.  Unless MTS offers Customers and Authorized Users an appropriate choice, MTS uses Personal Data only for purposes that are materially the same as those indicated in this Policy.

MTS may disclose Personal Data of Customers and Authorized Users without offering an opportunity to opt out, and may be required to disclose the Personal Data, (a) to third‑party Processors that MTS has retained to perform services on its behalf and pursuant to its instructions, (b) if it is required to do so by law or legal process, or (c) in response to lawful requests from public authorities, including to meet national security, public interest or law enforcement requirements.  MTS also reserves the right to transfer Personal Data in the event of an audit or if the company sells or transfers all or a portion of its business or assets (including in the event of a merger, acquisition, joint venture, reorganization, dissolution or liquidation).

 

Inquires or Complaints

If you have any inquiry or complaint concerning this Privacy Shield Notice or our participation in the Privacy Shield, please contact us at privacy@hbrconsulting.com or

Privacy Officer
Managed Technology Services LLC
440 S LaSalle St Ste 2250
Chicago, IL  60605
USA

 

Security Statement

MTS maintains reasonable and appropriate measures to protect the Personal Data obtained in connection with the Service from loss, misuse and unauthorized access, disclosure, alteration and destruction.

 

Independent Dispute Resolution

When we receive written complaints, we will follow up with the person who made the claim within 45 days. If the issue cannot be resolved through our internal processes, we have designated the International Centre for Dispute Resolution, a division of the American Arbitration Association (“ICDR-AAA”) as our independent recourse mechanism to address complaints and provide appropriate recourse free of charge to individuals covered by the Privacy Shield. We encourage you to raise with MTS any complaints or concerns you have regarding MTS’s adherence to the Privacy Shield Principles prior to proceeding to ICDR-AAA. The website for submitting complaints to the ICDR-AAA can be found at: info.adr.org/safeharbor/

 

Arbitration

Individuals covered by Privacy Shield may seek binding arbitration to determine, for residual claims, whether MTS has violated its obligations under the Privacy Shield Principles regarding your Personal Data and whether any such violation remains fully or partially unremedied – this option is only available for these purposes. For additional information about the Privacy Shield arbitration process, please visit the Privacy Shield website at: www.privacyshield.gov/article?id=ANNEX-I-introduction.

 

Enforcement

Our commitments under the Privacy Shield are subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission.

 

Changes to Our Privacy Policy

MTS reserves the right to update or change this Privacy Policy from time to time. If we make material changes to this Privacy Policy, we will notify you through an appropriate online notice (and obtain your consent where required by applicable law). Your continued use of the website or Service is deemed to be acceptance of any updates or changes we make to this Privacy Policy and as such, we ask that you review the Privacy Policy periodically for any updates or changes that we may have made.