Veristream Privacy Shield Notice

Veristream, LLC (“Veristream,” “we” or “us”) has adopted this Privacy Shield Notice (“Notice”) to explain how we collect, use and disclose the Personal Data that we receive and process in the United States on behalf of our Customers (defined below) located in the European Union, European Economic Area (collectively the “EU”), and Switzerland. Veristream complies with the EU-US Privacy Shield Framework and the Swiss-US Privacy Shield Framework as set forth by the US Department of Commerce regarding the collection, use, and retention of personal information from European Union member countries and Switzerland transferred to the United States pursuant to Privacy Shield. Veristream has certified that it adheres to the Privacy Shield Principles with respect to such data. If there is any conflict between the policies in this privacy policy and data subject rights under the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification page, please visit https://www.privacyshield.gov/ Veristream is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC). In this Policy: “Personal Data” means data that personally identifies or may be used to personally identify a person. “Customer” means a prospective, current, or former customer, or client of Veristream who uses Veristream’s paid products and services. 1. SCOPE This Notice applies to the Personal Data that Veristream receives from and processes on behalf of its Customers located in the EU and Switzerland. Veristream acts as a data processor of the Personal Data we process on behalf of our Customers (who are data controllers with respect to the personal data we process on their behalf). 2. PERSONAL DATA PROCESSED AND PURPOSES OF PROCESSING Veristream provides Visitor Management Systems which allow our customers to check in visitors to their facilities. Our customers provide Veristream with information about an individual, such as name, company name, and email, and Veristream processes this information to record the visitor’s entry and exit to the facility. We will only process the Personal Data we receive from an EU or Swiss Customer, in order to provide our services to that Customer. As noted, Veristream processes Personal Data on behalf of EU and Swiss Customers in its capacity as a data processor (in other words a service provider to our Customers); we will receive, store, and/or process Personal Data owned and/or controlled by our Customers on behalf of and under the direction of each particular Customer. Our Customers are responsible for directly notifying individuals and providing them with any required choices about how their Personal Data are processed by us on the Customer’s behalf. 3. DISCLOSURES/ONWARD TRANSFERS OF PERSONAL DATA Except as noted below, Veristream does not disclose Personal Data to any Third Parties as part of our service. Veristream may provide Personal Data to Third Parties that act as service providers to perform tasks on behalf of and under our written instructions (“Third Party Agents”). Specifically, we store Personal Data on servers hosted at facilities operated by a Third Party. Third Party Agents must agree to use such Personal Data only for the purpose for which it is provided by us and they must contractually agree to provide adequate protections for the Personal Data that are no less protective than those required by the Privacy Shield Principles. In cases of onward transfer to third parties of Personal Data covered under our EU-US Privacy Shield or Swiss-US Privacy Shield certifications, Veristream may continue to be liable. Veristream may also disclose Personal Data for other purposes or to other Third Parties, when an individual has consented to or requested such disclosure. In addition, Veristream may use or disclose Personal Data where required by law, or in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. 4. RIGHT TO ACCESS, CHANGE OR DELETE PERSONAL DATA Veristream acknowledges that EU and Swiss individuals have the right to access the personal information that we maintain about them. An EU or Swiss individual who seeks access, or who seeks to correct, amend, or delete inaccurate data, should direct their query to support@veristream.com. If requested to remove data, we will respond within a reasonable timeframe. We will also provide an EU or Swiss individuals with opt-out or opt-in choice before we share their data with third parties other than our agents, or before we use it for a purpose other than which it was originally collected or subsequently authorized. To limit the use and disclosure of your personal information, please submit a written request to support@veristream.com. If you would like to request access to the Personal Data we have processed on behalf of one of our Customers, please contact us at support@veristream.com and provide us your name and contact information. We will refer your request to the Customer who provided us with your Personal Data and will support them as needed in responding to your request. 5. QUESTIONS OR COMPLAINTS In compliance with the Privacy Shield Principles, Veristream commits to resolve complaints about your privacy and our collection or use of your personal information transferred to the United States pursuant to Privacy Shield. European Union and Swiss individuals with Privacy Shield inquiries or complaints should first contact Veristream at: support@veristream.com. Veristream will promptly investigate and attempt to resolve any complaints and disputes, and will respond within 45 days of receiving any such complaint. Veristream has further committed to refer unresolved privacy complaints under the Privacy Shield Principles to an independent dispute resolution mechanism, the BBB EU PRIVACY SHIELD, operated by the Council of Better Business Bureaus. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit www.bbb.org/EU-privacy-shield/for-eu-consumers for more information and to file a complaint. This service is provided free of charge to you. If your Privacy Shield complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. See Privacy Shield Annex 1 at https://www.privacyshield.gov/article?id=ANNEX-I-introductionIndividuals may also submit complaints through their local Data Protection Authority (DPA). We will work with the Department of Commerce to resolve any complaints forwarded by a DPA. Effective Date: May 9, 2018