Safe Harbor Policy

SAFE HARBOR PRIVACY POLICY STATEMENT

Arvato Digital Services LLC, Arvato Entertainment LLC and Arvato Services LLC (collectively, the “Company”) are committed to preserving personal privacy. As part of that commitment, the Company adheres to the Safe Harbor Privacy Principles developed by the United States Department of Commerce in consultation with the European Commission and the Federal Data Protection and Information Commissioner of Switzerland (the “Safe Harbor program”) with respect to personal information within the scope of this Statement, pursuant to the European Commission's personal data directive (the “EU Personal Data Directive”) and the Swiss Federal Act on Data Protection.

The Company complies with the U.S.-EU Safe Harbor Framework and the U.S.-Swiss Safe Harbor Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information from European Union member countries and Switzerland. The Company has certified that it adheres to the Safe Harbor Privacy Principles of notice, choice, onward transfer, security, data integrity, access, and enforcement. To learn more about the Safe Harbor program, and to view the Company's certification, please visit: http:/ /www.export.gov/safeharbor/

Scope
This Statement applies to all personal information received by the Company (or its subsidiaries) in the United States from the European Economic Area (“EEA”) or Switzerland.


Definitions
“Agent” means any third party that processes personal information pursuant to the instructions of, and solely for the benefit of, the Company, or to which the Company discloses personal information for processing on the Company's behalf.


“Data subject” means, as to personal information, the natural person as to which such personal information relates. Under this Statement, a data subject may be an employee of the Company or may be an employee, customer or other associate of the Company's client (provided that such customer or associate is a natural person), or may be any other natural person about which personal information is received by the Company (or its subsidiaries) in the United States from the European Economic Area or Switzerland.


“Personal information” means any information relating to an identified or identifiable natural person that is within the scope of the EU Personal Data Directive, received by the Company from the European Economic Area or Switzerland, and recorded in any form. An identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity. Personal information does not include anonymized information, aggregate information (to the extent an individual's identity cannot reasonably be derived from such information), or information as to which the data subject (who is not a Company employee) has freely given specific, informed and unambiguous consent for transfer to the United States.


'“Processing” of personal information means any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organization, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, blocking, erasure or destruction.


“Sensitive personal information” means personal information that reveals a natural person's race, ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, or that concerns a natural person's sex life or health.

Safe Harbor Principles
The following principles are based on the Safe Harbor Privacy Principles. Additional information about the Safe Harbor program is available at the U.S. Department of Commerce's website at http://www.export.gov/safeharbor.

Notice
When the Company is acting as an agent processing personal information under the direction of its clients in connection with providing e-commerce website hosting services on behalf of its clients, where applicable, the Company notifies individuals about the purposes for which it collects their personal information, and the types of third parties to which it may disclose their personal information.  Where applicable, the Company provides individuals with the choice and means for limiting the use and disclosure of their Personal Information. Notice will be provided in clear and conspicuous language when individuals are first asked to provide Personal Information to the Company, or as soon as practicable thereafter, and in any event before the Company uses or discloses the Personal Information for a purpose other than for which it was originally collected.

With respect to employees of the Company, on occasion, affiliates of the Company transfer employee personal data to the United States in connection with the efficient management and operation of the Company and its affiliates, enabling all personnel of such entities to communicate with one another and work together, human resources and benefits administration, and safety and security processes. The Company or its affiliates may also transfer such employee personal data to an agent of the Company in connection with the above purposes, such as a payroll provider or benefits provider. Data may also be processed and transferred to the United States in connection with collection and discovery requests in the context of litigation or government investigations, and in such context it may be made available to adverse parties in litigation or governmental entities.

Choice
As an agent processing personal information under the direction of its clients in connection with providing e-commerce website hosting services on behalf of its clients, where applicable, the Company will offer individuals the opportunity to choose (opt out) whether their Personal Information is (1) to be disclosed to a third party other than the client, or another entity who is not acting as an agent; or (2) to be used for a purpose other than the purpose for which it was originally collected or subsequently authorized by the individual.

Employees of the Company or its affiliates who reside in the EEA or Switzerland have the choice to opt-out of having their personal information disclosed to a third party that is not an agent or used for a purpose other than that for which it was originally collected as described in the “Notice” section above. Employees so desiring to opt-out should contact their Human Resources representative or alternatively may contact the Legal Department using the contact information provided at the end of this Policy.

Except as permitted by the Safe Harbor Privacy Principles, the Company does not use sensitive employee personal information for a purpose other than that for which it was originally collected, or disclose sensitive employee personal information to a third party that is not an agent of the Company, without the employee's opt-in to such use or disclosure, respectively.

This provision does not apply to public record information or publicly available information except in certain situations as defined by the Safe Harbor Program.

Onward Transfer
The Company will obtain reasonable assurances from its agents that they will safeguard personal information collected by the Company consistently with this Statement and the Safe Harbor Privacy Principles. Examples of appropriate assurances may include: a contract obliging the agent to afford a level of protection to the personal information that is at least equivalent to the Safe Harbor Privacy Principles; Safe Harbor certification by the agent; or the agent being subject to EU Directive 95/46/EC or other law providing an adequate level of privacy protection.

This provision does not apply to public record information or publicly available information except in certain situations as defined by the Safe Harbor Program.

Access
Upon an individual's request, the Company (or its client or its designee) will offer such individual reasonable access to his or her personal information and will afford such individual a reasonable opportunity to correct, amend, or delete inaccurate information. If a Company employee would like to access personal information maintained by the Company, the employee should make a written request to his or her local human resources representative. If a non-Company data subject would like to access personal information maintained by the Company, the individual should contact the Company using the contact information set forth in the “Contact Information” section below. For security purposes, the individual may need to provide the Company with various pieces of personal information to process the request. The Company may limit or deny access to personal information, or charge a fee, where providing such access would be unreasonably burdensome or expensive under the circumstances or as otherwise permitted by the Safe Harbor Privacy Principles.

Security
The Company will take reasonable measures including technical, physical, and administrative measures and training to protect personal information from loss, misuse, and unauthorized disclosure, access, alteration, and destruction. The Company safeguards information according to established security standards and periodically assesses new technology for methods of protecting information. However, the Company cannot guarantee the security of personal information.

Data Integrity
The Company (or its client or its designee) will take reasonable measures to ensure that personal information is relevant for its intended use, reliable for its intended use, accurate, complete, and current.

Enforcement and Dispute Resolution
The Company will conduct periodic assessments to confirm the accuracy of, and verify its adherence to, this Statement. The Company will investigate suspected infractions. Any employee that the Company determines to be in violation of this Statement will be subject to disciplinary action, which may include termination of employment.
Any questions, concerns, or complaints concerning the collection and use of personal information by the Company should be directed to the Office of the General Counsel at the address given below. The Company will conduct a reasonable investigation of and will attempt to resolve any complaints in accordance with the principles contained in this Statement. For complaints that cannot be resolved between the Company and the complainant, the Company agrees to participate in the dispute resolution procedures of the panel established by the European Union data protection authorities (DPAs) to resolve disputes pursuant to the Safe Harbor Privacy Principles, and to cooperate and comply with the Federal Data Protection and Information Commissioner (FDPIC) of Switzerland.  The EU DPA panel may be contacted at ec-dppanel-secr@ec.europa.eu and the EU DPAs may be contacted directly via the information provided at http://ec.europa.eu/justice/data-protection/ bodies/authorities/eu/index_en.htm. The contact information for the Swiss FDPIC can be found at: http://www.edoeb.admin.ch/kontakt/index.html?lang=en.

Limitations
The Company's adherence to the Safe Harbor Privacy Principles may be limited by any applicable legal, regulatory, ethical or public interest consideration, and as expressly permitted or required by any applicable law, rule, or regulation. Examples of such limitations include but are not limited to exceptions to the opt-in requirements for sensitive personal information permitted by Commission Decision 2000/520/EC of 26 July 2000, exceptions on access as permitted by Safe Harbor Privacy Principles, or under applicable European Economic Area member state or Swiss directives. The Company also may disclose personal information reasonably related to the sale or disposition of all or part of its business.

Modification of this Safe Harbor Privacy Statement
This Statement may be amended from time to time with or without notice in accordance with the Safe Harbor Privacy Principles. Any modified statement will be posted on the Company's website.

Contact Information
Questions, concerns, or complaints concerning the collection and use of personal information by the Company pursuant to this Safe Harbor Privacy Policy Statement should be directed by mail or electronic mail to the following address:  Arvato Digital Services LLC, Legal Department, 1700 Broadway, 26th Floor, New York, New York 10019, Phone: (212) 782-1141, email: safeharbor@arvatousa.com

Privacy Policy

For more information on Data Privacy and other Privacy matters please review our Privacy Policy.